At least two distinct threat actors are weaponizing a novel
evasion technique called OAuth client ID spoofing in cloud
campaigns, while slipping past telemetry. The activity allows users
to enumerate user accounts and validate stolen credentials in
Microsoft Entra ID environments, without ever generating a
successful sign-in event that would otherwise alert defenders. And
bad actors have begun
Read more https://thehackernews.com/2026/07/oauth-client-id-spoofing-lets-attackers.html

